Publication


Featured research published by Paolo Mori.


Computer Science Review | 2010

Survey: Usage control in computer security: A survey

Aliaksandr Lazouski; Fabio Martinelli; Paolo Mori

Protecting access to digital resources is one of the fundamental problems recognized in computer security. As yet it remains a challenging problem to work out, starting from the design of a system until its implementation. Access control is defined as the ability to permit or deny access to a particular resource (object) by a particular entity (subject). The three most widely used traditional access control models are: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). Traditional access control solutions do not respond adequately to new challenges addressed by modern computer systems. Today's highly distributed, network-connected, heterogeneous and open computing environment requires a fine-grained, flexible, persistent and continuous model for protecting the access and usage of digital resources. This paper surveys the literature on the Usage Control (UCON) model proposed by Park and Sandhu (2002) [1], Park (2003) [2] and Zhang (2006) [3]. Usage control is a novel and promising approach for access control in open, distributed, heterogeneous and network-connected computer environments. It encompasses and enhances traditional access control models, Trust Management (TM) and Digital Rights Management (DRM), and its main novelties are mutability of attributes and continuity of access decision evaluation.


international conference on autonomic and autonomous systems | 2005

Towards Continuous Usage Control on Grid Computational Services

Fabio Martinelli; Paolo Mori; Anna Vaccarelli

Security in the grid environment is a challenging issue, because this environment instantiates interactions among a set of possibly unknown entities where no trust relationships may exist a priori, or when such relationships are not strong enough for specific applications. In this paper we propose to integrate a local monitor into the grid computational service architecture, to control the behavior of applications executed on behalf of grid users. Our approach is inspired by the concept of continuous usage control rather than simply access control to monitor the security relevant interactions of these applications with the requested services. We also describe the prototype of computational service monitor we have developed and its integration within the Globus framework.


Future Generation Computer Systems | 2010

On usage control for GRID systems

Fabio Martinelli; Paolo Mori

This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-Lapadula, RBAC, etc.). Its main novelty is based on continuity of the access monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users.


Computers & Security | 2010

Runtime monitoring for next generation Java ME platform

Gabriele Costa; Fabio Martinelli; Paolo Mori; Christian Schaefer; Thomas Walter

Many modern mobile devices, such as mobile phones or personal digital assistants (PDAs), are able to run Java applications, such as games, Internet browsers, chat tools and so on. These applications perform some operations on the mobile device that are critical from the security point of view, such as connecting to the Internet, sending and receiving SMS messages, connecting to other devices through the Bluetooth interface, browsing the user's contact list, and so on. Hence, an adequate security support is required to protect the device from malicious applications. This paper proposes an enhanced security support for next generation Java Micro Edition platform. This support performs a runtime monitoring of the operations performed by the Java applications, and enforces a security policy that defines which operations applications are allowed to perform. Two possible design approaches for the security support are presented and compared.


international conference on information and communication security | 2008

Enhancing Java ME Security Support with Resource Usage Monitoring

Alessandro Castrucci; Fabio Martinelli; Paolo Mori; Francesco Roperti

Both the spreading and the capabilities of mobile devices have dramatically increased over the last years. Nowadays, many mobile devices are able to run Java applications that can create Internet connections, send SMS messages, and perform other expensive or dangerous operations on the mobile device. Hence, an adequate security support is required to meet the needs of this new and evolving scenario. This paper proposes an approach to enhance the security support of Java Micro Edition, based on the monitoring of the usage of mobile device resources performed by MIDlets. A process algebra based language is used to define the security policy and a reference monitor based architecture is exploited to monitor the resource usage. The paper also presents the implementation of a prototype running on a real mobile device, along with some preliminary performance evaluation.


international workshop on security | 2007

A model for usage control in GRID systems

Fabio Martinelli; Paolo Mori

The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models. Its main novelty, in addition to the unifying view, is based on continuity of usage monitoring and mutability of attributes of subjects and objects.


international conference on move to meaningful internet systems | 2007

Fine grained access control with trust and reputation management for globus

Maurizio Colombo; Fabio Martinelli; Paolo Mori; Marinella Petrocchi; Anna Vaccarelli

We propose an integrated architecture, extending a framework for fine grained access control of Grid computational services, with an inference engine managing reputation and trust management credentials. Also, we present the implementation of the proposed architecture, with preliminary performance figures.


DPM/SETOP | 2012

Prioritized Execution of Privacy Policies

Ilaria Matteucci; Paolo Mori; Marinella Petrocchi

This paper addresses the issue of solving conflicts occurring in the authorization decision process among policies applicable to an access request. We propose a strategy for conflict resolution based on the evaluation of the specificity level of the elements constituting the policies. Operatively, the strategy is implemented by exploiting a well known decision making technique. Two practical examples of use in the healthcare scenario are given.


trust and privacy in digital business | 2008

Controlling Usage in Business Process Workflows through Fine-Grained Security Policies

Benjamin Aziz; Alvaro Arenas; Fabio Martinelli; Ilaria Matteucci; Paolo Mori

We propose a language for expressing fine-grained security policies for controlling orchestrated business processes modelled as a BPEL workflow. Our policies are expressed as a process algebra that permits a BPEL activity, denies it or force-terminates it. The outcome is evaluated with compensation contexts. Finally, we give an example of these policies in a distributed map processing scenario such that the policies constrain service interactions in the workflow according to the security requirements of each entity participating in the workflow.


international conference on autonomic and autonomous systems | 2006

Fine-grained and History-based Access Control with Trust Management for Autonomic Grid Services

Hristo Koshutanski; Fabio Martinelli; Paolo Mori; Anna Vaccarelli

Grid technology provides an Internet-wide environment where a very large set of entities share their resources. The main feature of a grid environment is that resource providers belong to distinct administrative domains each with its own security policies and enforcement mechanisms. Even more, service providers and entities, exploiting the grid infrastructure, typically have incomplete information about each other mainly because each administrative domain manages its policies and resources with a high degree of autonomy. Thus, controlling access to grid resources has become a major security issue and a grid infrastructure has to provide a proper set of mechanisms and tools that allow for a fine-grained and history-based access control management. This paper proposes a comprehensive access control and enforcement framework for grid computational resources. The framework is based on a behavioral model that defines fine-grained and history-based monitoring and on a trust management model that provides access decisions and proper access rights management. The framework provides dynamic and context-aware access control enforcement by generating temporal credentials at run time while users' applications are exploiting grid resources.

Collaboration


Dive into Paolo Mori's collaborations.

Top Co-Authors

Anna Vaccarelli

National Research Council
